Strategy: Securing The Data Warehouse

Brian Prince04/01/12

Strategy: Securing The Data Warehouse

It is easy to dismiss data warehouse security. After all, it is probably more tempting to ­focus first and foremost on the customer-facing applications in an enterprise. But ­attackers care about corporate data, making any place it is stored a potential target. ­Fortunately, many of the basic strategies employed by enterprises to protect their ­databases can be ported over to the data warehouse. Strong access controls based on roles is a key element of securing enterprise data warehouses.

For those concerned about internal security, it is recommended that those access controls go beyond the BI layer of the reporting tool and down to the data warehouse itself. But any sound security strategy will have to start with identifying the data that will be loaded into the target data warehouse and classifying it according to its sensitivity.

It is important to remember, too, that—as always—security is not a static state but an ongoing process. It does not stop when your data warehouse project is completed. Organizations need to continually audit and monitor security policies and data usage to ensure that both the security and ­business requirements of the organization are being met. With proper planning and ­configuration, organizations can strike the right balance between security and the ­ultimate goal of data warehousing projects—sharing information so that it can be ­leveraged to provide value to the organization. (S4750412)